lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

2012/5/21 Philippe Lhoste <PhiLho@gmx.net>
A hash doesn't allow you to store passwords, it only allows to verify a provided password is identical to the expected one. You can't get back a password that have been hashed.
If your goal is only to check passwords, that's OK.

My goal is to check passwords indeed, and to prevent storing them as plain text.
 
Indeed, Lua 5.2 has binary operators allowing to compute MD5 or similar algorithms. Probably slower than a C version, but I suppose you won't check thousands of password per second, so it should be OK.

AFAIK, most Lua libraries with native C code will need to be recompiled for Lua 5.2. I had to do that for lfs, luasocket, lpeg...

Just tried for fun, luasocket indeed won't do out of the box on Lua 5.2. So I'm back to 5.1, never change a winning team. :-)

Thanks for your reply, and I'll continue my search for pure Lua code that encrypts or hashes a password, or create one myself. Maybe I'll find code that emulates binary operators, although IMHO that would be an extremely slow solution.

--
Paco